Quantcast
Channel: Remote Desktop Services (Terminal Services) forum
Viewing all 5613 articles
Browse latest View live

NULL SID Security Log Event ID 4625 when attempting logon to 2008 R2 Remote Desktop Session Host

$
0
0
This is a new deployment of Server 2008 R2 in a newly created 08 R2 active directory on a newlyt installed 08 R2 RDSH server.

A new generic user is created in AD. That user can log on to the terminal server on the console just fine. But that user cannot logon via RDP. Furthermore, the domain admin credentials also cannot logon via RDP.

When either set of credentials is used, the logon attempt registered in the Windows Security Even Log as a denied attempt with Event ID 4625 reporting a NULL SID.

Troubleshooting: The RDSH has already been disjoined and rejoined to the domain. Also, curious note, there are three ways to save the user account on the RDSH server as a valid user account which has permissions to logon. The one Microsoft recommends is to open computer management and edit the remote desktop users group. When I the accounts here and click apply, they immediately dissapear. Secondly, I can open the computer properties and go to the remote tab. There I find the user accounts added using the previous method are enumerated but not displaying correctly. They show up with the RDSH server name and a question mark. The last way, is to open the Remote Desktop Session Configuration tool and edit the properties of the rdp connection and go to the security tab. This was the only place I could get a user to ‘stick’ but the logon attempts still show a NULL SID and access is denied.

I have scoured every bit of RDS documenation I can find with no luck.

Thanks,
Chris

Port 3389 not listening

$
0
0

Windows Server 2003R2. Terminal Services is installed and started. Remote Desktop is Enabled. In the Terminal Services Manager session window, RDP-TCP is shown as being in a listening state. But when I run netstat -a, port 3389 does not show up. RD client cannot connect. Telnet or ssh to that port does not connect.

TCP is working fine: I can use logmein to view the server; I can VPN to the server, I can look at SMB shares once the VPN is up. No TCP filtering is active. The Windows Firewall is not active.

How can I get port 3389 going and be able to RDP in?

 

The registry is still showing port 3389 as the listening port.

I have removed and re-created the RDP-tcp port without any trouble and without success. The properties are set on defaults.

Remote Desktop devices in the device manager show as operating fine.

It used to work fine and just recently (sometime in January) it stopped working. As far as I know, no new software was installed at that time.

I have reviewed a bunch of stuff found in Google but none of it seems to help, so far.

 

new user login cannot create a User Profile Disk - Server 2012 RDS

$
0
0
This issue started happening 2 days ago. Environment has been running stable for 2 years. When a new user logs in a UPD is not created.  Existing users log in just fine and have UPD.  What could be stopping the creation of the UPD?

Access is Denied - Remote Desktop

$
0
0

I have set up my Server (2008 R2 Foundation) for remote desktop and RemoteApp as per the instructions provided by Microsoft.  I am using a single server for all functions.  When a user logs in to the Server through remote desktop, the remote desktop screen comes up and then the user immediately gets an 'Access is Denied' message.  If the user connects through RDWeb, the RemoteApps are displayed, but when the user clicks on an application, they are prompted again for their login credentials and then they get the remote desktop screen with an 'Access is Denied' screen as well.  This happens even for Administrators.

I am getting very frustrated with this as I have read many blogs and tried everything to no avail.  PLEASE help me.

Remote destop service through WAP and ADFS

$
0
0

Hi,

We want to authenticate our Remote Desktop Services using Web Application Proxy and ADFS. Our WAP servers are in DMZ with no domain connection and ADFS and RD server are in internal network.

I have done installation using this link http://blog.tmurphy.org/2015/06/securing-rd-gateway-with-web.html?showComment=1456825504896#c264322045990361403

Authentication works now from external network as long as we can try to start RemoteApp from RD Web Access but then comes error "Remote desktop cannot connect to remote machine fff.fff.ff"

Possibilities:
1. User account is not contained in RD gateway user list
2. Yoy maybe have defined remote machine as NETBios format

Documentation is quite confusing. Is this because WAP servers are not domain connected or what could be the reason?

From internal network we can start and use RemoteApps. Our Office 365 authentication goes through same WAP and ADFS machines and it works

~ Jukka ~

 

Seamless Window on Mac OS X

$
0
0

Hello,

We are having a problem with MAC OS X clients not running a seamless window when launching a RemoteApp. Here is our setup;

4 Cluster RemoteApp running on Server 2012

Pulse Secure MAG 2600 for VPN Access

RSA for 2FA from the MAG

The problem we are having is when launching the RemoteApp from within out Pulse Secure VPN, the RemoteApp launches, however it goes straight to the desktop and does not launch the app in a seamless window. So what happens is the user goes to the desktop and none of the apps that they need are on the desktop as the server is locked down and the shortcuts are not visible. When running the same from a Windows client, the seamless app runs without any problems. Does anyone know if this is an issue with the MAC OS or a configuration issue on either the MAG or the Terminal Server? Any help would be greatly appreciated.

Thanks,

Gavin

Error ID 44 - "ESE error -1316 JET_errInvalidObject"

$
0
0

Good day together,

till now i did not find any solution which could help.

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System><Provider Name="Microsoft-Windows-TerminalServices-Licensing" Guid="{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" EventSourceName="TermServLicensing" /><EventID Qualifiers="0">44</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime="2016-01-09T17:17:48.000000000Z" /><EventRecordID>174173</EventRecordID><Correlation /><Execution ProcessID="0" ThreadID="0" /><Channel>System</Channel><Computer>CP51SRVTRM005R1.com.dir</Computer><Security /></System>
- <UserData>
- <EventXML xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="Event_NS"><param1>ESE error -1316 JET_errInvalidObject, Object is invalid for operation.</param1></EventXML></UserData></Event>

In this post: https://social.technet.microsoft.com/Forums/office/en-US/5a5b0197-01f4-4cda-b189-d14d8cd0e2cb/terminal-server-licensing-event-id-44?forum=winserverTS&prof=required the only solution was the rebuild of the database and to check the permission on the lserver folder.

This two solutions were also mentioned at https://technet.microsoft.com/en-us/library/ee891072(v=ws.10).aspx but didn´t helped to solve the problem!

The exception is that the problem did not appear periodically but always in the same timerange. Perhaps any service which uses the licenses and therefore the message: object invalid for operation?

Did any one got a suggestion how to solve it?

Please do not post a referral of the technet article (ID 44).  



RD deployment using one way trust

$
0
0

Hi,

We are deploying 2012R2 RD services and i have investigated different type of deployments. Our plan is to create new forest in DMZ and then establish one way trust between it and internal AD. RD Gateway will be in DMZ connected to new forest. Other roles will be in internal domain.

RODC is of course possibility but still we think new forest is safer choice

Is this working solution? And can we use remote apps from RD web access from both networks, internal and external?

Installation instructions would also be appreciated

~ Jukka ~


Process powershell.exe (). is a read-only domain controller. Exchange Active Directory Provider requires that domain controllers are not read-only.

$
0
0

Hello,

I'm receiving warning messages from one of the Exchange mailbox servers:

Process powershell.exe (). <Domain controller name> is a read-only domain controller. Exchange Active Directory Provider requires that domain controllers are not read-only.

My question is can I define a different DC to be used instead of the RODC ?

RemoteApp on 3 different servers?

$
0
0

Hi,

I'm connected to a remoteapp server from my W10 client at work and have configured remoteapp (link) in it to a remote desktop 2012 server.
Then there is another remote app LAB machine which I'd like to configure (testing purposes, only 1 server) and a LAB machine at home to test other items (only 1 server). Both lab-servers are not configured yet at all. They all are Windows 2012.

2 questions:

*Can that be done (on 2008 you could configure just an rdp and export it, that probably cannot be done anymore? but then connecting to 3 RDP 2012 servers for remote app)?

*Is there a website really needed to connect to (https://server/rdweb ...)?

1J.

<object data-extension-version="0.4.0.129" data-install-updates-user-configuration="true" id="__symantecPKIClientMessenger" style="display:none;"></object>

Jan Hoedt

Upgrading to RDP 8.0 on Windows 7 SP1 Does Not Work When Machine Is Host

$
0
0

Hello,

I'm trying to understand some confusing behavior I've been seeing after upgrading my Windows 7 SP1 machine to use RDP 8.0 as per the instructions.

Some digging has led me to believe these updates (along with the Local Group Policy changes) will configure both the RDP Client and Host to enable the new protocol (8.0).

However, when I try to connect to this machine from a Windows 8 device (supporting RDP 8.0 by default), I do not get the "Connection Quality Indicator" that's supposed to tell you you're getting RDP 8.0.

In other words, that little signal strength bar isn't there for me. The instructions say if I don't see this, it's not RDP 8.0.

Here's what I don't understand--if I use this Win 7 machine to connect to a Win 8 machine, the connection quality indicator DOES appear, and the dialog box is there as well. But connecting TO this machine does not. It's led me to believe that the RDP 8.0 is working for this Win 7 machine as a RDP client but not as a host.

I've followed the instructions precisely: I installed the hotfix KB2574819 and then the RDP update KB2592687 and changed both group policy settings. I've restarted my machine several times. I even threw in the upgrade to RDP 8.1 in an attempt to make it work. I know that the updates got applied because selecting

Remote Desktop Connection > About

shows me 'Remote Desktop Protocol 8.1 supported.'

My group policy has the 'Enable Remote Dektop Protocol 8.0' setting enabled, as well as 'Select RDP Transport Protocols' (set to both TCP and UDP).

Thoughts?




How to connect to a specific collection

$
0
0
Im trying to configure machines in computer labs to automatically RDP to the collection of desktops for each lab.  If I use the RDweb console, the shortcut it gives me looks like it uses the  loadbalanceinfo parameter to specify which collection to connect to.  Looking at MSTSC.exe command line options, I dont see it there.  I dont really want to have to deploy a pre-configured RDP shortcut (which would be different for each lab) to every machine.  I would much rather be able to use a command line with the name of the collection/server to connect to.  Is there no way to do this via command line?

VDI 2012R2 connection is stuck on 'Configuring remote session...'

$
0
0

Hi all,

I have a VDI2012R2 farm with personal desktop collection. All VMs in collection are Win7.

There are a number of client computers from outside that cannot connect to VDI VM. The connection is stuck on 'Configuring remote session...'. After period of time I got a message: "This computer can't connect to the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator."

I have checked a TerminalServices-SessionBroker -> Operational logs and found this "This connection request has timed out. User could not log on to the end point within the alloted time. Remote Desktop Connection Broker will stop monitoring this connection request.". Other logs are fine, I see that broker found necessary VM and succesfully processed the connection request.

If I tried to connect from other client PC - everything is ok. All clients, VMs, VDI servers and HyperV Hosts are fully updated. Affected clients are with different OS's (Win8.1, Win Server 2008R2, Win Server 2012R2).

What can cause these problems? Additional troubleshooting steps needed.

RDP (Remote Desktop) to Windows 10 without passwords not possible anymore. Bug or feature?

$
0
0

After upgrading two of my machines to Windows 10 (Education N clean install and Pro N upgrade from Win8.1), I was not able to set up Remote Desktop as I was used to since Windows 7 (maybe this was possible before, too).

I am used to configure Windows to allow RDP connections as a user without password (home usage only). Apparently this is not working anymore after upgrading to Windows 10. (I have enabled this by modifying secpol.msc 's security policies. Further informations provided if needed).

With the "no password" setup i get immediatly disconnected by the local machine which seems to auto login by itself after connecting via RDP. The only solution I managed to find so far was to set up a password. 

Is this a bug or a feature?

Cheers

Connection on RDP when password aging of the user expired

$
0
0

There is such infrastructure. There is a gateway of RDP on the basis of Windows Server 2012, on the same server the server role of the network policies is set up. It is authorized to some users to enter far off on the Windows Pro 7 workstations through the client of RDP with the tuned gateway.

Problem in the following. If the password of the user expired, then it can't enter a session on the workstation. Also the message is displayed:

Your computer can't connect to the remote computer because your password has expired or you must change the password.

Further the user won't be able to work any more, without resorting to the help of the administrator. It isn't clear why the dialog box of change of the password isn't given after that as it happens at usually workstation.

I found that if in the register of HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp to change the Security-Tcp parameter with 1 on 0, then in case of local RDP connection the dialog box of change of the password will appear. However in case of access through the gateway, the same error message is still given.

Other methods I didn't find the solution of the arisen problem. Maybe somebody will advise something?


High Resolution Laptop and Remote Desktop Compatibility

$
0
0

Greetings,

My boss recently purchased a high resolution laptop (3840 x 2160). His desire is to be able to use remote desktop while he is away to keep in touch with his computer at home base.

We have connected him to our server at our main facility using remote desktop. From there he uses remote desktop to remote into his physical computer in the office.

The primary problem with both remote desktop connections ports is the fact the sizing is way to small for someone to read. I try to turn down the resolution, but a few problems arise.

1) It will not allow full screen anymore

2) It will not allow window resizing

3) The box is too small to read.

I have played with font sizes within remote desktop to make it illegible for him but the result is that it becomes unusable by others that have to remote in.

My need is to find a way to keep the native resolution for the server and get this laptop to scale the connection to full screen in order to become usable.

I have tried to make remote desktop manager work for this and I have been having repeated issues. We are currently running windows server 2009. The laptop is running windows 8.1

Please help. any advice would be great.

Thanks,

J

How to identify RDP client version of connected users

$
0
0

All,

we are in process of migrating to RDSH 2012R2. However we are running into some strange issues.

Is there a way to determine what RDP version clients that connect to our RDSH 2012R2 farm are running? We have a mixed environment of ThinClients and Laptop/Workstations. It would help me if there was a way to retrieve the RDP client version for those connected users.

Thanks

Danny

Access to RDS from isolated network (+)

$
0
0

Hi all!

I have a sub-network with many huge firewalls across ) Long story short: from the client on this network i can telnet 3389 to my broker and every session host. I even can open rdp session to any of my session hosts. But if i try establish rdp session to broker or open published app from my portal i recieve error Connection Failed. Which ports i need to open from this networks to rds farm? Or may be its not a network related problem at all?

Thank you

RDP licensing question on Windows 2012R2

$
0
0

I have 10 RDP licenses managed on a Windows 2008 R2 server. Users are accessing Windows 2008R2 servers. If I wish to purchase 10 additional RDP licenses and have user access new Windows 2012 r2 servers will the original 10 User CAL's be licensed for accessing the Windows 2012 R2 servers as well? Or do I have purchase 20 RDP CALs for Windows 2012R2 servers?

What is I moved the RDP license server to a Windows 2012 R2 Machine?

Terminal Services, remote facilities and printing

$
0
0

We are using TS in a small farm of 5 servers, used by 10 facilities.  The facilities use a IPSec VPN to access the corporate LAN and TS farm.  We are dealing with printer issues and would like to hear from those who have done something like this in the past. 

We want only facility appropriate printers to be present for each user on any of the Terminal Servers they happen to end up on.  We have had the issue of having every printer in the entire organization available to users in a terminal session.  We want to have each user simply have available to them the printers that they would get if logged onto their desktop.  

Any thoughts on this would be greatly appreciated.  

Viewing all 5613 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>